[FFmpeg-devel] Null pointer dereference?
Zubin Mevawalla
zubinmeva at qbitlogic.com
Mon May 8 22:08:05 EEST 2017
I was curious if this is a real null pointer dereference issue?
CodeAi, an automated repair tool being developed at Qbit logic,
suggested an if-guard in libavformat/rtpdec.c on line 796 having seen
a path through the control flow where an array access from `buf`
results in a null pointer dereference. If `bufptr` is NULL, and `len`
>= 12, then `buf` is initialized to NULL and dereferenced on line 796.
diff --git a/libavformat/rtpdec.c b/libavformat/rtpdec.c
--- a/libavformat/rtpdec.c
+++ b/libavformat/rtpdec.c
@@ -793,8 +793,10 @@ static int rtp_parse_one_packet(RTPDemuxContext
*s, AVPacket *pkt,
if (len < 12)
return -1;
- if ((buf[0] & 0xc0) != (RTP_VERSION << 6))
+ if(buf) {
+ if ((buf[0] & 0xc0) != (RTP_VERSION << 6))
return -1;
+ }
if (RTP_PT_IS_RTCP(buf[1])) {
return rtcp_parse_packet(s, buf, len);
}
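Review bot: the added guard does not remove the dereference it is meant to prevent: `buf[1]` is still read unconditionally on the very next line (`if (RTP_PT_IS_RTCP(buf[1])) {`), and when `buf` is NULL the function now skips the version check and keeps going instead of failing, so a NULL `buf` with `len >= 12` would still crash one line later. If `buf` can really be NULL on this path, fold the check into the existing length test, e.g. `if (!buf || len < 12) return -1;`; if it cannot, the right fix is to guarantee at the caller that a NULL `bufptr` is never passed together with `len >= 12`, rather than guarding here. Minor style point: `if(buf) {` is missing the space after `if` that the surrounding code uses.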
Could I submit this as a patch if it looks alright?
Thanks so much,
Zubin